#1 Global Leader in Data Resilience
#1 Global Leader in Data Resilience
TRY NOW
book meeting
BACK TO KB LIST

Archiving Job Fails With: "Failed to provision a proxy appliance : Unable to connect by SSH to Appliance."

KB ID: 4320
Product: Veeam Backup & Replication | 11 | 12 | 12.1 | 12.2 | 12.3 | 12.3.1 | 12.3.2 | 13
Published: 2022-06-14
Last Modified: 2025-03-28
mailbox
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.

Cheers for trusting us with the spot in your mailbox!

Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest

error icon

Oops! Something went wrong.

Please, try again later.

Challenge

An Archiving Job for a Scale-Out Backup Repository fails with the error: 
Failed to provision a proxy appliance: Unable to connect by SSH to Appliance.
Failed to provision a proxy appliance: Unable to connect by SSH to Appliance.
Log Example 
[dd.mm.yyyy hh:mm:ss] <tid> Warning Failed to provision a proxy appliance: Unable to connect by SSH to appliance.
[dd.mm.yyyy hh:mm:ss] <tid> Error Failed to login to host: '<appliance_ip>', port: 22, elevation to root: 'yes', autoSudo: no, use su if sudo fails: no, host name: , IPs: [<appliance_ip>], AuthenticationData: [UserName: ubuntu, AuthTypes: [KeyboardInteractive, Password]]. Unable to establish connection to host <appliance_ip> on any IP address. (System.Exception)

Cause

This issue most commonly occurs when the Firewall or Security groups in AWS/Azure have blocked port 22.

This issue may also occur if an outbound Firewall rule for the environment has blocked port 22.

Solution

Check Firewall Configuration

Review the Used Ports: Archive Object Storage Repository section of the Veeam Backup & Replication User Guide. Confirm that necessary Firewall and Security Group settings have been configured to ensure communication.

 

Isolation Test Guide

This section provides a step-by-step guide on performing isolation testing to determine if the Port 22 of the Archive Proxy Appliance can be reached.

Note: This process will start all offload/archiving jobs. The offload is started because the appliance is non-persistent and only exists during the archive tier task. Please take this into account and run this after production hours if needed. The IP of the Archive Proxy Appliance is assigned from the Archive Tier Properties under Subnet Settings.

  1. Assign a specific Windows server as the Gateway Server for the Archive Tier's Object Storage Repository.
    This is done so you know which server to perform the isolation test from in the later steps.
    1. Edit the Object Storage Repository assigned as the Archive Tier for the Scale-Out Backup Repository.
    2. Select the Account Tab ( S3 Glacier | Azure Archive ).
    3. On the Account tab, enable "Use the following gateway server:"
    4. Assign a Windows server that can connect to the Cloud Storage. 
      The server you select as the Gateway Server is the one from which you will run the test in Step 4.
  2. Force the Tiering Job to start.
    This is done because the Archive Tiering Appliance is non-persistent and only exists when an Archiving Task occurs.
    1. Hold the Ctrl key on the keyboard and right-click on the Scale-Out Backup Repository.
    2. In the context menu, select "Run tiering job now"
Run tiering job
  1. Identify the IP address of the Archiving Job's Proxy Appliance(s).
AWS Instance List
For AWS EC2, when the Archive Tier task starts, you will find the IP of the Proxy Appliance here.
Azure Virtual Machines list
For Azure, when the Archive Tier task starts, you will find the IP of the Proxy Appliance here.
  1. Connect to the Gateway Server you assigned in Step 1 and perform the Isolation Test.
    This will isolate whether the communication issue is a problem within Veeam Backup & Replication or the environment itself.
    1. Connect the Gateway Server
    2. Open an Administrative PowerShell WindowTip:
      1. Right-Click the Start button
      2. Tap the "a" key
      3. Tap the left arrow key
      4. Hit the spacebar
    3. Run the following command:
      Replace <app_IP> with the Proxy Appliance's Public IP
Test-NetConnection -ComputerName "<app_ip>" -Port 22

Reviewing Results

If this KB article did not resolve your issue or you need further assistance with Veeam software, please create a Veeam Support Case.

To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.

Spelling error in text

Thank you!

Thank you!

Your feedback has been received and will be reviewed.

Oops! Something went wrong.

Please, try again later.

You have selected too large block!

Please try select less.

KB Feedback/Suggestion

This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
By submitting, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
Verify your email to continue your product download
We've sent a verification code to:
  • Incorrect verification code. Please try again.
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Start using Veeam:
Download the product
&
Activate the license key
Thank you!

Thank you!

Your feedback has been received and will be reviewed.

error icon

Oops! Something went wrong.

Please, try again later.